A self-taught man Vital stats 50 most powerful people in networking

NTBugtraq, the Internet equivalent of a watering hole, is a forum for swapping information on suspected bugs in Microsoft products or getting an early warning about computer worms. Now entering its sixth year, NTBugtraq has become the mailing list for IT managers and vendors who need to read the latest dispatches from the Microsoft security warfront.

"It's very much considered the No. 1 channel for contributing and looking for new updates and information on vulnerabilities," says Firas Raouf, COO at eEye Digital Security, a maker of scanning products. "NTBugtraq is a very critical, fundamental and helpful tool in facilitating the concept of full disclosure on vulnerabilities as they emerge."

If NTBugtraq seems free of the kind of wild-eyed ranting that might afflict any public list about Microsoft, it's because NTBugtraq's founder and moderator, Russ Cooper, is picky about what gets posted on it.

"It has to pass the sniff test," notes Cooper, a Lindsay, Ontario, resident who lives in a countryside house that - in addition to his family, four dogs and a cat - holds a dozen PCs and servers loaded with Microsoft software and testing tools. A 100-mile T-1 line connects Cooper's wilderness outpost to the ISP UUNet in Toronto. The pulsing heart of NTBugtraq is a Chicago-based list-mail server - donated by software vendor L-Soft - that handles mail distribution for about 31,000 NTBugtraq subscribers.

About three-quarters of the messages Cooper gets don't get posted because they fail to "stay on track and to the point," he says. But he does answer a lot of this mail on his own. "If someone says, 'I just discovered a new vulnerability,' well, I'll try to test it first. If the claim looks reasonable, I'll accept it at face value," he adds.

Disclosing Microsoft software vulnerabilities is "a touchy subject," Raouf points out. "Russ is doing a tremendous job in maintaining a level of neutrality."

Cooper's enduring reputation for fair-handedness is all the more remarkable considering risk management vendor TruSecure has owned NTBugtraq since buying the list from him three years ago, for an undisclosed sum. Cooper is now officially TruSecure's "surgeon general" - a title he picked himself, recalling a news story published four years ago that said his work at NTBugtraq made him seem like the "surgeon general of the Internet."